It is a reality that the HTTPS protocol has spread across the network unstoppably. I would say that this HTTPS expansion is the consequence of considering the HTTP protocol as insecure. The truth is that with the arrival of the HTTPS protocol,
new errors
have reached our browsers. For this reason, we are going to teach you how to check
when an HTTPS SSL / TLS certificate of a web page is valid
.
HTTPS SSL certificates have an expiration date and once reached they are no longer considered secure.
This implies that if a website is using an expired certificate, the browser will not allow us to access it.
How to verify the validity or expiration of an HTTPS SSL / TLS certificate?
Sometimes we need to check the validity of an SSL / TLS certificate to make sure it has not expired.
The easiest way to obtain the expiration date of the certificate is to use the browser itself.
We will use FireFox or Chrome, either of us serves.
Simply access the web under the HTTPS protocol, for example
https://www.vozidea.com/
and once the web page is open, click on the lock icon next to the URL.
Check the certificate in Chrome.
From here, if we use Chrome, click on the
"Certificate"
option and we will be able to see all the information of the SSL certificate, including the issuance date and the expiration date.
Verify the SSL certificate using FireFox.
If we use FireFox, once we click on the lock icon we will have to click on the icon with an arrow to the right and then click on the option
«More information»
.
This displays a new window where the connection details are displayed and we can check the expiration date of the certificate, the issuer, technical data on encryption, etc.
What is an HTTPS SSL / TLS certificate?
We can define an HTTPS SSL / TLS certificate as small fragments of cryptographic code associated with an organization or issuing entity.
To understand it better,
we could say that they are the necessary element for the HTTPS protocol connections to be secure
. These certificates also enable the implementation of secure protocols such as FTPS, SMTPS, etc.
SSL / TLS certificates are always associated with two elements:
-
A domain
name, host name or server name.
-
An organization with its own identity
, for example the name of a company.
How do SSL / TLS certificates work?
The HTTPS SSL certificates consist of a public key that allows the information to be encrypted and a private key that is what allows it to be decrypted.
These keys are randomly generated cryptographic keys.
The public key is known by the server and is also publicly available.
This is used to encrypt messages or data transmission. On the other hand, there is
the private key that is only known to the server
, so that it can only decrypt the data.
Let's see it with an example so that there are no doubts. If Juan wants to send a message to Maria, he can use Maria's public certificate to encrypt the message. Once Maria receives the message, only she can decrypt it because she is the only person who has the private key. In this way, if a thief steals Juan's message before he arrives at Mary, he cannot decrypt it and it will not help him at all.
Why do HTTPS certificates expire?
All HTTPS SSL certificates have a pre-established period of validity.
Once the certificate has expired, modern browsers show errors and warnings while disabling data transmission.
Security experts claim that SSL certificates must expire to be secure.
This forces us to renew them from time to time and it is not something that I miss, because something similar happens with the certificates of the electronic ID and similar cryptographic technologies.
Now that we know that establishing a validity time increases the security of certificates, we must look at the other side of the coin. Some organizations claim that this limited period of validity is a big deal for companies that sell these certificates. Currently, having free SSL / TLS certificate issuing entities such as
Let's Encrypt available
, this argument has become obsolete.
Differences between HTTPS, SSL and TLS.
When we talk about the HTTPS protocol and certificates, there are always words like SSL or TLS that we don't know very well what they mean. We will try to explain each of these concepts and see
what is the difference between HTTPS, SSL and TLS
.
On the one hand SSL is a cryptographic protocol that allows secure communication.
The SSL protocol evolved over the years and there came a time when it was replaced by its successor, the TLS protocol.
This evolution towards the TLS protocol tries to correct the different weaknesses and
vulnerabilities
that were found in the SLL protocol. The
IETF
itself considers
the SSL v2 and SSL v3 protocols
as
depreciated
.
So, HTTPS is nothing more than an implementation of the HTTP protocol over SSL / TLS.
In other words, HTTPS is a combination of HTTP and SSL / TLS.
You may wonder why SLL is still used instead of talking about TLS, since the former is depreciated. This is because the use of the SSL acronym is widespread on the internet, but in my view the right thing is to combine the SSL / TLS acronyms so that there is no doubt.